detect/files: inspect api v2
authorVictor Julien <victor@inliniac.net>
Sun, 5 Apr 2020 15:51:52 +0000 (17:51 +0200)
committerVictor Julien <victor@inliniac.net>
Mon, 7 Dec 2020 15:01:52 +0000 (16:01 +0100)
src/detect-engine-file.c
src/detect-engine-file.h
src/detect-filename.c

index 7f1dcd53c9c18e854c01f32abc77947c0ab967f3..d9e31e08473ee19fe4199103000d235afe496278 100644 (file)
@@ -201,7 +201,6 @@ static int DetectFileInspect(DetectEngineThreadCtx *det_ctx, Flow *f, const Sign
 /**
  *  \brief Inspect the file inspecting keywords against the state
  *
- *  \param tv thread vars
  *  \param det_ctx detection engine thread ctx
  *  \param f flow
  *  \param s signature to inspect
@@ -215,8 +214,8 @@ static int DetectFileInspect(DetectEngineThreadCtx *det_ctx, Flow *f, const Sign
  *
  *  \note flow is not locked at this time
  */
-int DetectFileInspectGeneric(ThreadVars *_tv, DetectEngineCtx *de_ctx,
-        DetectEngineThreadCtx *det_ctx, const Signature *s, const SigMatchData *smd, Flow *f,
+int DetectFileInspectGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+        const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
         uint8_t flags, void *_alstate, void *tx, uint64_t tx_id)
 {
     SCEnter();
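Review bot: The doxygen block above DetectFileInspectGeneric loses `\param tv` in the previous hunk, but no entry is added for the new `engine` argument in the lines visible here. I would add ` *  \param engine app inspection engine this callback was registered for; its smd list is handed to DetectFileInspect` next to the other `\param` lines. The comment lines between the two hunks are not shown, so check there for a stale entry describing the removed `smd` parameter. The function body continues outside this hunk.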
@@ -229,7 +228,7 @@ int DetectFileInspectGeneric(ThreadVars *_tv, DetectEngineCtx *de_ctx,
     }
 
     int r = DETECT_ENGINE_INSPECT_SIG_NO_MATCH;
-    int match = DetectFileInspect(det_ctx, f, s, smd, flags, ffc);
+    int match = DetectFileInspect(det_ctx, f, s, engine->smd, flags, ffc);
     if (match == DETECT_ENGINE_INSPECT_SIG_MATCH) {
         r = DETECT_ENGINE_INSPECT_SIG_MATCH;
     } else if (match == DETECT_ENGINE_INSPECT_SIG_CANT_MATCH) {
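Review bot: `engine->smd` is dereferenced with no statement of the assumption that `engine` is non-NULL, whereas the old code passed `smd` straight through. The detection loop presumably always supplies the engine it is iterating over, but a NULL here would crash the inspection thread rather than return a no-match. If util-validate.h is available in this file, `DEBUG_VALIDATE_BUG_ON(engine == NULL);` before the call would document the contract at no cost in release builds. The enclosing function starts and ends outside this hunk.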
index 839f202d569b9056c71be54d9b2c698c9040ba2c..2f7a0fc8b8905f1dc7427b845c5bc7fa9166fce8 100644 (file)
@@ -34,9 +34,8 @@ int DetectFileInspectSmtp(ThreadVars *tv,
         const Signature *s, const SigMatchData *smd,
         Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id);
 
-int DetectFileInspectGeneric(ThreadVars *tv,
-        DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
-        const Signature *s, const SigMatchData *smd,
-        Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id);
+int DetectFileInspectGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+        const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
+        uint8_t flags, void *_alstate, void *tx, uint64_t tx_id);
 
 #endif /* __DETECT_ENGINE_FILE_H__ */
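Review bot: The new prototype names `struct DetectEngineAppInspectionEngine_` in its parameter list, and nothing visible in this hunk declares that tag beforehand (the top of the header is outside the hunk). If a translation unit includes this header before the one that defines the struct, C scopes the tag to the prototype, and callers then get incompatible-pointer diagnostics. A forward declaration `struct DetectEngineAppInspectionEngine_;` above the prototype removes that include-order dependency. Separately, the parameter is spelled `_alstate` here while the neighbouring DetectFileInspectSmtp prototype uses `alstate`; the header would read more consistently with `alstate`.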
index 963794fb0fea1d7d2d4e95b5d9f57286edfc6a93..b8eecfed199368ed7971013fde204ea91fc9c5f5 100644 (file)
@@ -97,45 +97,34 @@ void DetectFilenameRegister(void)
     sigmatch_table[DETECT_FILE_NAME].Setup = DetectFilenameSetupSticky;
     sigmatch_table[DETECT_FILE_NAME].flags = SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER;
 
-    DetectAppLayerInspectEngineRegister("files",
-            ALPROTO_HTTP, SIG_FLAG_TOSERVER, HTP_REQUEST_BODY,
-            DetectFileInspectGeneric);
-    DetectAppLayerInspectEngineRegister("files",
-            ALPROTO_HTTP, SIG_FLAG_TOCLIENT, HTP_RESPONSE_BODY,
-            DetectFileInspectGeneric);
-
-    DetectAppLayerInspectEngineRegister("files",
-            ALPROTO_SMTP, SIG_FLAG_TOSERVER, 0,
-            DetectFileInspectGeneric);
-
-    DetectAppLayerInspectEngineRegister("files",
-            ALPROTO_NFS, SIG_FLAG_TOSERVER, 0,
-            DetectFileInspectGeneric);
-    DetectAppLayerInspectEngineRegister("files",
-            ALPROTO_NFS, SIG_FLAG_TOCLIENT, 0,
-            DetectFileInspectGeneric);
-
-    DetectAppLayerInspectEngineRegister("files",
-            ALPROTO_FTPDATA, SIG_FLAG_TOSERVER, 0,
-            DetectFileInspectGeneric);
-    DetectAppLayerInspectEngineRegister("files",
-            ALPROTO_FTPDATA, SIG_FLAG_TOCLIENT, 0,
-            DetectFileInspectGeneric);
-
-    DetectAppLayerInspectEngineRegister("files",
-            ALPROTO_SMB, SIG_FLAG_TOSERVER, 0,
-            DetectFileInspectGeneric);
-    DetectAppLayerInspectEngineRegister("files",
-            ALPROTO_SMB, SIG_FLAG_TOCLIENT, 0,
-            DetectFileInspectGeneric);
+    DetectAppLayerInspectEngineRegister2("files", ALPROTO_HTTP, SIG_FLAG_TOSERVER, HTP_REQUEST_BODY,
+            DetectFileInspectGeneric, NULL);
+    DetectAppLayerInspectEngineRegister2("files", ALPROTO_HTTP, SIG_FLAG_TOCLIENT,
+            HTP_RESPONSE_BODY, DetectFileInspectGeneric, NULL);
+
+    DetectAppLayerInspectEngineRegister2(
+            "files", ALPROTO_SMTP, SIG_FLAG_TOSERVER, 0, DetectFileInspectGeneric, NULL);
+
+    DetectAppLayerInspectEngineRegister2(
+            "files", ALPROTO_NFS, SIG_FLAG_TOSERVER, 0, DetectFileInspectGeneric, NULL);
+    DetectAppLayerInspectEngineRegister2(
+            "files", ALPROTO_NFS, SIG_FLAG_TOCLIENT, 0, DetectFileInspectGeneric, NULL);
+
+    DetectAppLayerInspectEngineRegister2(
+            "files", ALPROTO_FTPDATA, SIG_FLAG_TOSERVER, 0, DetectFileInspectGeneric, NULL);
+    DetectAppLayerInspectEngineRegister2(
+            "files", ALPROTO_FTPDATA, SIG_FLAG_TOCLIENT, 0, DetectFileInspectGeneric, NULL);
+
+    DetectAppLayerInspectEngineRegister2(
+            "files", ALPROTO_SMB, SIG_FLAG_TOSERVER, 0, DetectFileInspectGeneric, NULL);
+    DetectAppLayerInspectEngineRegister2(
+            "files", ALPROTO_SMB, SIG_FLAG_TOCLIENT, 0, DetectFileInspectGeneric, NULL);
 
     //this is used by filestore
-    DetectAppLayerInspectEngineRegister("files",
-            ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateDataClient,
-            DetectFileInspectGeneric);
-    DetectAppLayerInspectEngineRegister("files",
-            ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, HTTP2StateDataServer,
-            DetectFileInspectGeneric);
+    DetectAppLayerInspectEngineRegister2("files", ALPROTO_HTTP2, SIG_FLAG_TOSERVER,
+            HTTP2StateDataClient, DetectFileInspectGeneric, NULL);
+    DetectAppLayerInspectEngineRegister2("files", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT,
+            HTTP2StateDataServer, DetectFileInspectGeneric, NULL);
 
     g_file_match_list_id = DetectBufferTypeGetByName("files");